For starters, these are basically client libraries built on Apex for Force.com that connect to Google API like Google Docs API, Blogger API, Google Calendar API among others.

The method for authentication on the toolkit is built around the AuthSub authentication which as I found out is already deprecated, it is advised to use OAuth 2.0 for authentication & authorization. What this authentication models do is that you authorize your Google Account/Data to be accessed by an external service using a token. The token can be used as is which expires after 24 hours or you can exchange the token for a multisession token which does not expire. Please read up more on this topic from the links above.

Back to the Google API Toolkit, it has a visualforce page with a controller that when accessed, will make token request to Google with a callback URL. However there are some issues when I tried them. I get the following errors.

The site “http://force.com” has not been registered.

Solution here is I had to hardcode the return URL to be capital Force.com on the visualforce page.

Got that to work but the next issue it seems is that there seems to be new kind of restriction for putting Google Data on an iframe. I got the following error.

Refused to display document because display forbidden by X-Frame-Options.

What I had to do is, let the called page load on its own instead of putting it in an iframe. I did this by window.location then the return url.